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IN THE CLAIMS 

1 . (Currently amended) A method for partitioning of cryptographic fimctionahty so as to 
permit delegation of at least one of a plurality of distinct portions of the cryptographic functionality 
from a delegating device to at least one recipient device, the cryptographic functionality being 
oharaot e rizabl e characterized as a graph comprising a plurality of nodes, the method comprising the 
steps of: 

associating a given set of the nodes with a corresponding one of the plurality of distinct 
portions of the cryptographic functionality; and 

transmitting from the delegating device to the recipient device information representative of 
one or more of the nodes , such that; 

the recipient device is thereby configurabl e being configured based on the transmitted 
information for authorized execution of a corresponding one of the plurality of distinct portions of 
the cryptographic functionality. 

2. (Original) The method of claim 1 wherein at least one of the nodes of the graph 
corresponds to a seed the possession of which permits execution of a corresponding one of the 
distinct portions of the crs^Jtographic functionality. 

3. (Original) The method of claim 1 wherein the transmitting step further comprises 
transmitting from the delegating device to the recipient device information representative of at least 
two of the nodes. 

4. (Original) The method of claim 1 wherein the transmitting step further comprises 
transmitting from the delegating device to the recipient device information representative of at least 
one parent node of the graph. 
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5. (Original) The method of claim 1 wherein the transmitting step further comprises 
transmitting from the delegating device to the recipient device information representative of at least 
one child node of a parent node of the graph. 

6. (Original) The method of claim 1 wherein the graph comprises at least first and second 
root nodes. 

7. (Original) The method of claim 1 wherein the graph comprises a tree having at least first 
and second subtrees associated with respective first and second ones of the plurality of distinct 
portions of the cryptographic fimctionality. 

8. (Original) The method of claim 1 wherein the graph comprises a chain. 

9. (Original) The method of claim 1 wherein the graph comprises L levels of nodes, an Ith 
one of the levels comprising a parent node v^\, and a first one of these levels comprising a set of 
seeds vi,i, vi,2, . . . vi,„, where n is the total number of seeds, each of the seeds being derivable from 
the parent node. 

10. (Original) The method of claim 9 wherein an /th node of a Ath one of the levels is 
computed as fi^i, v^+i), where is a one-way function. 

11. (Original) The method of claim 10 wherein the nodes of one or more of the levels are 
arranged in the form of tuples of designated numbers of nodes. 

12. (Original) The method of claim 1 1 wherein the fth node of ayth tuple of the Ath level is 
computed as fiij, i, Vk^-xj)- 
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13. (Original) The method of claim 1 wherein the cryptographic functionality comprises a 
cryptographic functionality provided by a hardware-based authentication token. 

14. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to verify at least one of an authentication code and a distress code generated by a hardware- 
based authentication token. 

15. (Original) The method of claim 14 wherein the authentication token is configured to store 
at least two seeds, and the cryptographic functionality comprises a verification operation performed 
collaboratively by at least first and second servers each storing one of the seeds. 

16. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to generate at least one of an authentication code and a distress code utilizing a hardware- 
based authentication token. 

17. (Original) The method of claim 1 wherein the cryptographic functionality comprises at 
least one of an ability to verify a signature and an ability to generate a signature. 

18. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to generate one or more values of a one-way chain. 

19. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to perform symmetric cryptographic operations. 

20. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to perform asymmetric cryptographic operations. 
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2 1 . (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to derive one or more cryptographic keys. 

22. (Original) The method of claim 1 wherein the crjrptographic functionality comprises an 
ability to compute one or more seeds. 

23. (Original) The method of claim 22 wherein at least one of the seeds corresponds to at 
least one of the nodes of the graph. 

24. (Original) The method of claim I wherein the cryptographic functionality is partitioned 
in accordance with a subscription model which requires compliance with at least one specified 
criterion for transmission from the delegating device to the recipient device of the information 
representative of one or more of the nodes. 

25. (Original) The method of claim 24 wherein compliance with the specified criterion is 
satisfied upon receipt of a designated payment. 

26. (Original) The method of claim 1 wherein the recipient device and the delegating device 
collaborate to perform at least one of a cryptographic verification function and a cryptographic 
generation function. 

27. (Original) The method of claim 26 wherein the recipient device includes only a limited 
computational ability associated with performance of the cryptographic function. 

28. (Currently amended) An apparatus comprising: 

a processing device comprising a processor coupled to a memory; 
the processing device being utilizab le utilized in conjunction with partitioning of 
cryptographic functionality so as to permit delegation of at least one of a plurality of distinct 
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portions of the cryptographic functionality from the processing device, configured as a delegating 
device, to at least one recipient device, the cryptographic functionality being oharact e rizabl e 
characterized as a graph comprising a plurality of nodes; 

the processing device being configurabl e configured to associate a given set of the 
nodes with a corresponding one of the plurality of distinct portions of the cryptographic 
functionality, and to transmit to the recipient device information representative of one or more of the 
nodes, s uch that the recipient device is th e r e by configurabl e being configured based on the 
transmitted information for authorized execution of a corresponding one of die plurality of distinct 
portions of the cryptographic functionality. 

29. (Currently amended) An apparatus comprising: 

a processing device comprising a processor coupled to a memory; 

the processing device being utilizabl e utilized in conjunction with partitioning of 
cryptographic functionality so as to permit delegation of at least one of a plurality of distinct 
portions of the cryptographic functionality to the processing device, configured as a recipient device, 
from at least one delegating device, the cryptographic fiinctionality being choract e rizabl e 
characterized as a graph comprising a plurality of nodes; 

a given set of the nodes being associated with a corresponding one of the plurality of 
distinct portions of the cryptographic functionality; 

the processing device being operative to receive from the delegating device 
information representative of one or more of the nodes, Guch that the processing device is th e reby 
configurable being configured based on the received information for authorized execution of a 
corresponding one of the plurality of distinct portions of the cryptographic functionality, 

30. (Currently amended) A machine-readable storage medium containing one or more 
software programs for use in partitioning of cryptographic functionality so as to permit delegation of 
at least one of a plurality of distinct portions of the cryptographic functionality from a delegating 
device to at least one recipient device, the cryptographic functionality being oharaotorizabl e 



6 



EMC-06-463 

characterized as a graph comprising a plurahty of nodes, wherein the one or more software programs 
when executed by the delegating device implement the steps of: 

associating a given set of the nodes with a corresponding one of the plurahty of 
distinct portions of the cryptographic functionality; and 

transmitting from the delegating device to the recipient device information 
representative of one or more of the nodes , s uch that; 

the recipient device is th e r e by configurabl e being configured based on the transmitted 
information for authorized execution of a corresponding one of the plurality of distinct portions of 
the cryptographic functionality. 
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